Configure user authentication for a communication task.
When sending a form in a communication task, you can configure user authentication so that only authorized users can access the form. The authorized users are usually external users who do not exist in Cortex XSIAM; authenticating to the form does not give them access to anything else in Cortex XSIAM.
In your IdP (for example, Okta), define a dedicated group containing only the external users who should be able to authenticate to the form. Keep this group separate from the groups used for Cortex XSIAM operators.
Select → → → . In the Communication Task Authentication tab, toggle Enable Communication task SSO Connection on, then set the following parameters using values from your organization’s IdP.
General

Single Sign-on URL
Indicates your SSO URL, a fixed, read-only value derived from your tenant’s URL using the format https://<name of Cortex-XSIAM>.paloaltonetworks.com/idp/saml. For example, https://tenant1.xsoar.paloaltonetworks.com/idp/saml. This is the endpoint to which your IdP sends the SAML response. You need this value when configuring your IdP.

Audience URI (SP Entity ID)
Indicates your Service Provider Entity ID, the value your IdP places in the Audience of the SAML assertion. It is a fixed, read-only value using the format https://<name of Cortex-XSIAM>.xdr.<region>.paloaltonetworks.com. For example, https://tenant1.xdr.us.paloaltonetworks.com. You need this value when configuring your organization’s IdP.

IdP SSO URL
Specify your organization’s SSO URL, copied from your organization’s IdP.

IdP Issuer ID
Specify your organization’s IdP Issuer ID (the IdP entity ID), copied from your organization’s IdP.

X.509 Certificate
Specify the X.509 signing certificate copied from your organization’s IdP. Cortex XSIAM uses it to verify the signature on the SAML responses the IdP sends, so update it when the IdP rotates its signing key.
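The values in the General table come from two places: the service-provider side is fixed by your tenant host, and the IdP side is published in the IdP’s SAML metadata document. The following script is an added example (not part of the Cortex XSIAM product or this page) that derives the read-only service-provider values from a tenant host and extracts the IdP SSO URL, IdP Issuer ID, X.509 Certificate and IdP Single Logout URL from IdP metadata. It assumes that the SSO URL, Entity ID and SP Logout URL all share one tenant host, and the tenant host, IdP host and identifiers in it are constructed placeholders.

```python
"""Added example: derive the read-only Cortex XSIAM (service provider) values
from the tenant host and extract the IdP-side values from the IdP's SAML
metadata, so each field in the tab can be filled without hand-copying.
Tenant host, IdP host and identifiers below are constructed placeholders."""
import xml.etree.ElementTree as ET  # use defusedxml for metadata from untrusted sources

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def sp_values(tenant_host):
    """Read-only service-provider values built from the URL formats on this page.
    Assumes the SSO URL, Entity ID and SP Logout URL all share one tenant host."""
    if not tenant_host.endswith(".paloaltonetworks.com"):
        raise ValueError("expected a Cortex tenant host name")
    return {
        "Single Sign-on URL": f"https://{tenant_host}/idp/saml",
        "Audience URI (SP Entity ID)": f"https://{tenant_host}",
        "SP Logout URL": f"https://{tenant_host}/idp/logout",
    }


def _endpoint(idp, tag):
    """Location of an IdP endpoint: prefer HTTP-POST, fall back to HTTP-Redirect.
    Refuse plain-http endpoints, which would expose the SAML exchange."""
    by_binding = {e.get("Binding"): e.get("Location") for e in idp.findall(f"md:{tag}", NS)}
    location = by_binding.get(HTTP_POST) or by_binding.get(HTTP_REDIRECT)
    if location is not None and not location.startswith("https://"):
        raise ValueError(f"{tag} must use https, got {location}")
    return location


def idp_values(metadata_xml):
    """Values for the IdP SSO URL, IdP Issuer ID, X.509 Certificate and
    IdP Single Logout URL fields, read from IdP SAML metadata."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this looks like SP metadata, not IdP metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' is valid for both signing and encryption.
        if kd.get("use") in (None, "signing"):
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append("".join((c.text or "").split()))  # strip line wrapping
    if not certs:
        raise ValueError("no signing certificate: SAML response signatures could not be verified")
    return {
        "IdP Issuer ID": root.get("entityID"),
        "IdP SSO URL": _endpoint(idp, "SingleSignOnService"),
        "IdP Single Logout URL": _endpoint(idp, "SingleLogoutService"),
        "X.509 Certificate": certs[0],
        # More than one signing certificate usually means the IdP is rolling its key;
        # the tab holds one, so plan to update it before the old key is retired.
        "Additional signing certificates": certs[1:],
    }


# Constructed sample IdP metadata (placeholder host and identifiers).
SAMPLE_IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MIICexampleBase64Line1
        exampleBase64Line2==
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.okta.com/app/exkEXAMPLE/slo/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.okta.com/app/exkEXAMPLE/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for field, value in {**sp_values("tenant1.xdr.us.paloaltonetworks.com"),
                         **idp_values(SAMPLE_IDP_METADATA)}.items():
        print(f"{field}: {value}")
```

Run it against the metadata your IdP publishes and paste the printed values into the matching fields. The script refuses metadata with no signing certificate or with a plain-http endpoint, which are the two configurations that most often pass a first login test and still leave the form unprotected.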
IdP Attribute Mappings
The attribute names depend on your organization’s IdP. Enter each name exactly as it appears in the IdP’s SAML assertion; names are case-sensitive.

Email
Specify the attribute that carries the user’s email address, according to your organization’s IdP.

First Name
Specify the attribute that carries the user’s first name, according to your organization’s IdP.

Last Name
Specify the attribute that carries the user’s last name, according to your organization’s IdP.
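A mapping that does not match the attribute names the IdP actually sends fails only at the first real login. The following script is an added example (not part of the Cortex XSIAM product or this page) that checks a proposed Email / First Name / Last Name mapping against a SAML assertion and reports the attribute names the IdP sent when a field does not resolve. The two assertions in it are constructed samples: one with Okta-style short names, one with ADFS-style claim URIs, which must be entered in full.

```python
"""Added example: check the attribute mappings against a SAML assertion
before enabling the tab.  The mapping values must match the Name of the
<saml:Attribute> elements exactly (case-sensitive, full claim URI for
ADFS); the assertions below are constructed samples, not real IdP output."""
import xml.etree.ElementTree as ET  # use defusedxml when the assertion is untrusted input

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}


def assertion_attributes(assertion_xml):
    """Map each attribute Name in the AttributeStatement to its list of values."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attribute in root.iter(f"{{{SAML}}}Attribute"):
        values = [(v.text or "").strip() for v in attribute.findall("saml:AttributeValue", NS)]
        attrs[attribute.get("Name")] = values
    return attrs


def resolve_mapping(assertion_xml, mapping):
    """mapping holds the three tab fields: {"Email": ..., "First Name": ..., "Last Name": ...}.
    Returns the resolved user record, or raises naming the fields that found no value
    together with the attribute Names the IdP actually sent."""
    attrs = assertion_attributes(assertion_xml)
    resolved, unresolved = {}, []
    for field, name in mapping.items():
        values = attrs.get(name, [])
        if values and values[0]:
            resolved[field] = values[0]
        else:
            unresolved.append(field)
    if unresolved:
        raise KeyError(f"no value for {unresolved}; attribute Names in assertion: {sorted(attrs)}")
    return resolved


# Constructed sample: Okta-style short attribute names.
OKTA_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_example" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: ADFS-style claim URIs, which must be entered in full.
ADFS_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_example" Version="2.0">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>bob@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Bob</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

OKTA_MAPPING = {"Email": "email", "First Name": "firstName", "Last Name": "lastName"}
ADFS_MAPPING = {
    "Email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "First Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "Last Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
}

if __name__ == "__main__":
    print(resolve_mapping(OKTA_ASSERTION, OKTA_MAPPING))
    print(resolve_mapping(ADFS_ASSERTION, ADFS_MAPPING))
    try:  # Okta-style names entered for an ADFS assertion: nothing resolves
        resolve_mapping(ADFS_ASSERTION, OKTA_MAPPING)
    except KeyError as err:
        print("mapping error:", err)
```

To use it with your own IdP, capture one SAML assertion from a test login (most IdPs offer a preview of the assertion for an application) and run the mapping you intend to enter against it; the error message lists the names to copy into the tab.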
Advanced Settings (Optional)
The following settings are optional, and some apply only to a particular IdP.

Relay State
(Optional) Specify the URL of the page that users are directed to after your organization’s IdP authenticates them and they log in to Cortex XSIAM.

IdP Single Logout URL
(Optional) Specify the single logout URL provided by your organization’s IdP, so that when a user logs out of Cortex XSIAM the IdP also logs the user out of all applications in the current IdP session.

SP Logout URL
(Optional) Indicates the Service Provider logout URL, which you provide when configuring single logout in your organization’s IdP, so that when a user logs out of Cortex XSIAM the IdP logs the user out of all applications in the current IdP session. This field is read-only and uses the format https://<name of Cortex-XSIAM>.xdr.<region>.paloaltonetworks.com/idp/logout, for example https://tenant1.xdr.us.paloaltonetworks.com/idp/logout.

Service Provider Public Certificate
(Optional) Specify the public certificate of the service provider (Cortex XSIAM) that you register with your organization’s IdP.

Service Provider Private Key (PEM Format)
(Optional) Specify the service provider private key, in PEM format, that matches the public certificate above. Treat this key as a secret.

ADFS
(Optional) Select this checkbox when you are configuring Microsoft ADFS.

Passwordless Authentication MFA
(Optional) Requires non-password credentials for SSO authentication. If selected, users must authenticate with intrinsically stronger factors, such as biometrics, to access Cortex XSIAM.

Force Authentication
(Optional) Requires users to reauthenticate when accessing the Cortex XSIAM tenant, even if they already have an active session with the IdP from other applications.
In the Task details of your playbook communication task, select Require users to authenticate so that your SAML or AD IdP authenticates the recipient before allowing access to the form.